[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 325-1] linux-2.6 security update



Package        : linux-2.6
Version        : 2.6.32-48squeeze16
CVE ID         : CVE-2015-2925 CVE-2015-5257 CVE-2015-7613

This update fixes the CVEs described below.

CVE-2015-2925

    Jann Horn discovered that when a subdirectory of a filesystem was
    bind-mounted into a chroot or mount namespace, a user that should
    be confined to that chroot or namespace could access the whole of
    that filesystem if they had write permission on an ancestor of
    the subdirectory.  This is not a common configuration for this
    kernel version.

CVE-2015-5257

    Moein Ghasemzadeh of Istuary Innovation Labs reported that a USB
    device could cause a denial of service (crash) by imitating a
    Whiteheat USB serial device but presenting a smaller number of
    endpoints.

CVE-2015-7613

    Dmitry Vyukov discovered that System V IPC objects (message queues
    and shared memory segments) were made accessible before their
    ownership and other attributes were fully initialised.  If a local
    user can race against another user or service creating a new IPC
    object, this may result in unauthorised information disclosure,
    unauthorised information modification, denial of service and/or
    privilege escalation.

    A similar issue existed with System V semaphore arrays, but was
    less severe because they were always cleared before being fully
    initialised.

For the oldoldstable distribution (squeeze), these problems have been
fixed in version 2.6.32-48squeeze16.

For the oldstable distribution (wheezy), these problems will be fixed
in version 3.2.68-1+deb7u5.

For the stable distribution (jessie), these problems will be fixed
in version 3.16.7-ckt11-1+deb8u5 or have been fixed earlier.

-- 
Ben Hutchings - Debian developer, member of Linux kernel and LTS teams


Attachment: signature.asc
Description: This is a digitally signed message part


Reply to: